METHOD AND SYSTEM FOR IDENTIFYING THE IDENTITY OF A USER

FIELD OF THE INVENTION

The present invention relates to communication systems. In particular, the present invention relates to a novel and improved method and system for identifying a user in a communication system.

BACKGROUND OF THE INVENTION

User identification is an essential procedure for various tasks in the Internet environment. User identification is needed in various environments, e.g. in email login, on-line shopping, on-line banking etc. There is always a fundamental problem to be solved when using on-line identification methods, namely, how to make sure that the person making the identification is actually the person who he/she claims to be.

For identification purposes, several solutions are used to solve the aforementioned problem. A basic solution is to use a username and password. The username/password combination is often adequate for identification purposes but not always. Today, a number of services require user identification, and for this reason, an individual may have tens of different username/password pairs stored somewhere, e.g. in a computer or a paper sheet in a drawer. Therefore, sometimes these username/password pairs may end up to people not authorized to use them, e.g. the computer may be vulnerable for hacking or the drawer is too obvious place to hide the username/password pairs.

There are also other identification solutions used in on-line identification solutions. A user may have one or more static piece of identification information (e.g. username and/or password) but also a varying piece of information (e.g. a varying PIN code) is needed. This is the solution at least in several on-line banking solutions. In these solutions, each session and/or transaction requires a predetermined varying identifier to be used.

The current discussion about identification solutions primarily concentrates on Internet-based solutions. This is of course important because data networks, such as the Internet, are always vulnerable to hostile attacks or hackers.

There are, however, also a number of on-line identification solutions used in telephone networks. There exist several phone services through which confidential information can be acquired or changed, e.g. telephone bank services, various health-related services, telephone operator services etc. In such services, some kind of identification procedure is often used. A calling person can be identified e.g. based on the A-number (calling line identification), customer identification number, PIN code, username and/or password etc. These solutions are very similar to the ones used in Internet-based solutions.

All the aforementioned solutions have, however, some drawbacks. Some of these drawbacks will now be discussed shortly:

A-number (calling line identification): An A-number identifies only the terminal or subscription from which the phone call is set up. It does not necessarily identify the calling person. It is always possible that someone fraudulently poses as being someone else.

Personal Identification Number (PIN): A PIN code can be used alone or with e.g. the A-number in identification. It may be difficult, as previously mentioned, to remember PIN codes related to each service. Again it is possible that someone fraudulently poses as being someone else.

Varying PIN code with a customer identification number: This solution was discussed above briefly. Systems based on using varying PIN code with a customer identification number are in itself reliable but expensive to set up, use and maintain. Solution of this kind is used at least by telephone banks or other service providers using an up-to-date regular customer system.

Some of the services provided by the public sector or other (private or commercial) service providers have a need to implement a significant part of the existing services via telephone voice connections. These services, however, require a reliable identification of an individual or customer before providing the service. Furthermore, some of the services provided by the public sector or other (private or commercial) service providers via telephone voice connections require a digital signature from the individual or customer.

Therefore, there is particularly an obvious need for a reliable on-line telephone identification solution with which a calling person can be identified prior to providing service via the telephone connection. The solution should be secure and above all, easy to use and adopt and widely available when needed.

SUMMARY OF THE INVENTION 

The present invention describes a method and system for identifying the identity of a user of a first terminal in a communication system. The system comprises at least a communication network, a first terminal associated with the communication network, a service provider associated with the communication network and a certificate service provider. Furthermore, the first terminal preferably refers to a mobile phone.

In the method, a first logical channel is set up from the first terminal to the service provider. The service provider refers e.g. to a bank, police, post office, operator, credit card company, insurance company, telephone bank, social insurance institution etc. The identity of the user of the first terminal is then identified via a second logical channel other than the established first logical channel between the service provider and the first terminal prior to providing any services to the user of the first terminal via the established first logical channel. In other words, the present invention uses a second logical channel to identify the identity of the user of a first terminal. The logical channels may be circuit switched or packet switched. Furthermore, the user may be identified by a separate party via the second logical channel, the party being other than the user of the first terminal.

In one embodiment, the communication network is a mobile telephone network. In one embodiment, the first and/or second logical channel refers to the standardized GSM network data transmission feature that can be used simultaneously during a circuit switched speech connection. In other embodiments, the logical channels may refer e.g. to transmission channels of a GPRS, UMTS, WCDMA, CDMA, EDGE, Bluetooth, WLAN network or to any other existing or future data transmission network.

In one embodiment of the present invention, the service provider sends a user identification request to the first terminal via a second logical channel (e.g. via a packet switched connection) while a first logical channel exists between the first terminal and the service provider. The request is preferably sent to the first terminal directly and more preferably, using a security gateway forming an interface towards the first terminal. The request is preferably encrypted. The first terminal receives the request and decrypts it if encryption was used. In order to give an adequate indication of the identity of the user of the first terminal, the request is signed digitally by the first terminal.

In order to create a digital signature, the first and/or second terminal needs to comprise an encryption key, and furthermore in order to create the digital signature, the user of a terminal must have a correct pass phrase or PIN code to activate the signature creation. The signed identification request is then sent either directly to the service provider or more preferably, to the security gateway. The signed request may also be encrypted by the first and/or second terminal.

The digital signature is then verified based on a certificate corresponding to the authentication key used in creating the digital signature, the certificate being acquired from a certificate service provider or other service provider. The verification is preferably made by the service provider, and more preferably, by the security gateway. If the user is properly authenticated and the result of the verification is positive, the user of the first terminal may now be provided with services provided by the service provider via the existing first logical channel.

For some reason, the set up first logical channel may fail while the identification and validation process is still unfinished. Therefore, a procedure for re-establishing a validated connection has to be provided. If the first logical channel fails during the verification procedure, the service provider creates a challenge, e.g. a password, and encrypts it using the public encryption key of the user of the first terminal. The encrypted challenge is then sent to the first terminal either directly or more preferably, using the security gateway. The first terminal decrypts the encrypted challenge, sets up a new logical channel to the service provider and provides the service provider with the decrypted challenge. If the challenge is acceptable, the user of the first terminal is provided via the re-established logical channel with a service by the service provider.

The present invention enables a reliable identification of an individual or a customer over a logical channel, e.g. a telephone line. The present invention provides a solution wherein multiple services can use the same security solution for authentication, authorization, administration and access control. Furthermore, the solution is cost-efficient, secure and easy to implement into the existing systems.



BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide a further understanding of the invention and constitute a part of this specification, illustrate embodiments of the invention and together with the description help to explain the principles of the invention. In the drawings:

Fig 1 is a flow diagram illustrating a user identification procedure in accordance with the present invention,

Fig 2 is a flow diagram illustrating a user identification procedure in accordance with the present invention,

Fig 3 is a flow diagram illustrating a re-establishing procedure in accordance with the present invention,

Fig 4 is a flow diagram illustrating a user identification procedure in accordance with the present invention,

Fig 5 is a flow diagram illustrating a re-establishing procedure in accordance with the present invention,

Fig 6 is a flow diagram illustrating a user identification procedure in accordance with the present invention,

Fig 7 is a flow diagram illustrating a user identification procedure in accordance with the present invention,

Fig 8 is a flow diagram illustrating a user identification procedure in accordance with the present invention, and

Fig 9 is a block diagram of an embodiment of the system in accordance with the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Reference will now be made in detail to the embodiments of the present invention, examples of which are illustrated in the accompanying drawings.

In the following examples, a user is considered to be a user making a phone call. It is evident that the call connection may be any other appropriate logical channel or connection (e.g. a packet switched channel or connection) between a user terminal and a service provider.

Figure 1 describes an embodiment of a user identification procedure. A call connection is set up (10) from a caller terminal DTE to a service number at a service provider SP via a communication network NET. The service provider SP refers e.g. to a bank, police, post office, operator, credit card company, insurance company, telephone bank or social insurance institution. It may, however, be any other company or institution that provides services requiring undisputed identification of the caller. In Figure 1, the service provider SP comprises at least a service provider server/exchange SPS, customer database DB and customer servant SERV. The communication network NET is preferably a mobile telephone network. The caller terminal DTE is preferably a mobile phone comprising a subscriber identity module SIM. Instead of a subscriber identity module SIM, a Wireless Identity Module (WIM), an UMTS Subscriber Identity Module (USIM), a security module or any other tamper-proof device can be used. The subscriber identity module SIM or any other tamper-proof device enables encryption and decryption of information and also forming of a digital signature. In a preferred embodiment, the subscriber identity module SIM or any other tamper-proof device also comprises a storage for encryption and/or decryption keys. Furthermore, in a preferred embodiment, Public Key Infrastructure (PKI) is used in encryption and decryption.

The service provider server SPS sends a caller identification request (11) to a security gateway GW. In Figure 1, the security gateway GW is owned by the operator of the communication network NET and it provides various security-related functions, such as encrypting and decrypting. The request (11) is transmitted to the security gateway GW through a secured connection (e.g. Secured Sockets Layer (SSL)) e.g. in the form of HyperText Transfer Protocol (HTTP), Wireless Markup Language (WML) or Extensible Markup Language (XML).

It is very important to note that, in this embodiment, the call connection is maintained during the identification phase.

The security gateway GW identifies the service provider SP based on a service provider certificate, decrypts the secured connection and receives the caller identification request in clear text e.g. in the form of XML, WML or short message. The caller identification request is then converted into a form understood by the subscriber identity module SIM of the mobile terminal DTE and encrypted with symmetric encryption method of the Global System for Mobile communications (GSM). The encrypted message is then sent (12) to the mobile phone DTE.

The mobile phone DTE and/or the subscriber identity module SIM decrypt(s) the message and the decrypted message is displayed to the caller on the display of the mobile phone DTE. The subscriber identity module SIM may comprise a browser that converts the message into SIM Toolkit commands prior to displaying the message on the display. The displayed message is then digitally signed with an authentication key of the caller, and the signed message is sent (13) to the security gateway GW. The signed message is preferably converted into the form Public-Key Cryptography Standards #1 (PKCS#1) and encrypted prior to sending. PKCS#1 is further described e.g. in http://www.rsasecurity.com/rsalabs/pkcs/.

The security gateway GW decrypts the message and fetches (14) a certificate related to the subscriber from a certificate directory DIR of a certificate authority CA. The certificate authority CA maintains one or more certificate directories and a certificate revocation list CLR comprising information about revoked certificates. A certificate comprises identification information of the certificate owner and above all, the public key of the owner. With the public key it is possible to verify a digital signature. Verification process refers to a process performed by a verifier either soon after the creation of an electronic signature or later to determine if an electronic signature is valid against a signature policy implicitly or explicitly referenced. Verification is linked very strongly to the term 'validation data'. Validation data refers to the additional data needed to validate the electronic signature; this includes e.g. certificates, revocation status information (e.g. CRLs) and trusted time-stamps. Furthermore, the security gateway GW creates a PKCS#7 message and sends (15) the message to the service provider SP preferably using a secured connection. PKCS#7 is further described e.g. in http://www.rsasecurity.com/rsalabs/pkcs/.

The service provider SP authenticates the caller and verifies (16) the digital signature and checks from the certificate revocation list CLR that the certificate is valid. If the verification procedure was successful, the caller may now be provided the requested service. Furthermore, the service provider may create a data record containing the caller information (17) from the database DB, validation information and a call log information. Call log information simply indicates that the call had existed during the identification procedure. The customer servant SERV preferably uses a computer, and therefore, is automatically provided (18) with the aforementioned data record prior to talking to the caller.

Figure 2 describes another embodiment of a user identification procedure. A call is set up (20) from a caller terminal DTE to a service number of a service provider SP via a communication network NET. The service provider SP refers e.g. to any private, commercial or state-owned institution, e.g. to a bank, police, post office, operator, credit card company, insurance company, telephone bank or social insurance institution. It may, however, be any other company or institution that provides services requiring undisputed identification of the caller. In Figure 2, the service provider SP comprises at least a service provider server/exchange SPS, customer database DB and customer servant SERV. The communication network NET is preferably a mobile telephone network. The caller terminal DTE is preferably a mobile phone comprising a subscriber identity module SIM. Instead of a subscriber identity module SIM, a Wireless Identity Module (WIM), an UMTS Subscriber Identity Module (USIM), a security module or any other tamper-proof device can be used. The subscriber identity module SIM or any other tamper-proof device enables encryption and decryption of information and also forming of a digital signature. In a preferred embodiment, the subscriber identity module SIM also comprises a storage for encryption and/or decryption keys. Furthermore, in a preferred embodiment, Public Key Infrastructure (PKI) is used in encryption and decryption.

The service provider SPS sends a caller identification request (21) to a security gateway GW. In Figure 2, the security gateway GW is owned by the operator of the communication network NET and it provides various security-related functions, such as encrypting and decrypting. The request (21) is transmitted to the security gateway GW through a secured connection (e.g. Secured Sockets Layer (SSL)) e.g. in the form of HyperText Transfer Protocol (HTTP), Wireless Markup Language (WML) or Extensible Markup Language (XML).

It is very important to note that the call connection is maintained during the identification phase.

The security gateway GW identifies the service provider SP based on a service provider certificate, decrypts the secured connection and receives the caller identification request in clear text e.g. in the form of XML, WML or short message. The caller identification request is then converted into a form understood by the subscriber identity module SIM of the mobile terminal DTE and encrypted with symmetric encryption method of the Global System for Mobile communications (GSM). The encrypted message is then sent (22) to the mobile phone DTE.

The mobile phone DTE and/or the subscriber identity module SIM decrypt(s) the message and the decrypted message is displayed to the caller on the display of the mobile phone DTE. The subscriber identity module SIM may comprise a browser that converts the message into SIM Toolkit commands prior to displaying the message on the display. The displayed message is then digitally signed with an authentication key of the caller and the signed message is sent (23) to the security gateway GW. The signed message is preferably converted into the form Public-Key Cryptography Standards #1 (PKCS#1) and encrypted prior to sending. PKCS#1 is further described e.g. in http://www.rsasecurity.com/rsalabs/pkcs/.

The security gateway GW decrypts the message and fetches (24) a certificate related to the subscriber from a certificate directory DIR of a certificate authority CA. The certificate authority CA maintains one or more certificate directories and a certificate revocation list CLR comprising information about revoked certificates. The certificate authority CA may also comprise information about which users are authorised for one or more services and which are not. A certificate comprises identification information of the certificate owner and above all, the public key of the owner. With the public key it is possible to verify a digital signature. The security gateway GW verifies the digital signature and checks from the certificate revocation list CLR that the certificate is valid. If the verification procedure was successful, the security gateway GW sends (25) verification positive message to the service provider SP preferably using a secured connection. The service provider server then creates a data record containing the caller information (26) from a database DB, validation information and a call log information. Call log information simply indicates that the call had existed during the identification procedure. The customer servant SERV preferably uses a computer, and therefore, is automatically provided (27) with the aforementioned data record prior to talking to the caller.

Figure 3 describes an embodiment in which the originally established call connection fails and the call connection is re-established.

When the service provider server SPS detects that the call connection does not exist any more, it creates a challenge. A challenge is any piece of information containing e.g. alphanumeric characters. The challenge is then encrypted using the public key of the caller. The public key is acquired from a previous PKCS#7 message, or if such message has not been received, from a public certificate directory. After this, the service provider server SPS sends (30) the encrypted challenge via the security gateway GW to the caller terminal DTE that is preferably a mobile phone (31).

The example described in Figure 3 assumes that the caller identity was already identified and validated before and that the original call connection failed. Therefore, after sending the encrypted challenge to the caller, the service provider server SPS sets the validated identification data into a hold state.

The mobile phone DTE and/or the subscriber identity module SIM or alike incorporated therein decrypt(s) the encrypted challenge and sets (32) up a new call connection to the service provider SP. The exchange SPS redirects (33) the call to a customer servant SERV and provides the customer servant SERV with the already validated identification information and the challenge sent to the caller. If the caller then gives the right challenge to the customer servant, the caller may be provided with the service in question.
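
The identification steps of Figures 1 and 2 and the re-establishment step of Figure 3, sketched as an added Python example that is not part of the patent text: the gateway verifies the signed request against the directory certificate and the revocation list, and a dropped call is recovered with a single-use challenge encrypted to the caller's public key. The toy RSA (fixed small primes, no PKCS#1 padding), the sample request and the names Terminal, Gateway, verify, issue_challenge, redeem and run_flow are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy RSA for illustration only (assumption): fixed small primes, no padding.
# The text has the SIM sign in PKCS#1 form; this stands in for that step.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(message: bytes, n: int = N) -> int:
    """SHA-256 of the request, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


class Terminal:
    """Caller terminal DTE: the SIM holds the private key, a PIN unlocks it."""

    def __init__(self, pin: str):
        self._pin = pin

    def sign(self, request: bytes, pin: str) -> int:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN: no signature created")
        return pow(digest(request), D, N)

    def decrypt(self, ciphertext: int) -> str:
        m = pow(ciphertext, D, N)
        return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


class Gateway:
    """Security gateway GW with access to directory DIR and revocation list CLR."""

    def __init__(self, directory: dict, revoked: set):
        self.directory = directory  # subscriber -> (certificate serial, (n, e))
        self.revoked = revoked      # serials of revoked certificates
        self.held = {}              # subscriber -> challenge awaiting redemption

    def verify(self, subscriber: str, request: bytes, signature: int) -> str:
        cert = self.directory.get(subscriber)
        if cert is None:
            return "unknown-subscriber"
        serial, (n, e) = cert
        if pow(signature, e, n) != digest(request, n):
            return "bad-signature"
        if serial in self.revoked:
            return "revoked"
        return "verified"

    def issue_challenge(self, subscriber: str) -> int:
        """Call dropped after validation: hold the result, encrypt a challenge."""
        _, (n, e) = self.directory[subscriber]
        challenge = secrets.token_hex(4)
        self.held[subscriber] = challenge
        return pow(int.from_bytes(challenge.encode(), "big"), e, n)

    def redeem(self, subscriber: str, answer: str) -> bool:
        expected = self.held.pop(subscriber, None)  # single use
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), answer.encode())


# Constructed sample data: one subscriber, one identification request.
REQUEST = b"Identify caller for service number 0100 (constructed sample)"


def run_flow():
    sim = Terminal(pin="1234")
    gw = Gateway({"subscriber-1": (1001, (N, E))}, revoked=set())
    sig = sim.sign(REQUEST, "1234")
    ok = gw.verify("subscriber-1", REQUEST, sig)
    tampered = gw.verify("subscriber-1", REQUEST + b"!", sig)
    # Call drops after validation: challenge goes out, caller reads it back.
    answer = sim.decrypt(gw.issue_challenge("subscriber-1"))
    first = gw.redeem("subscriber-1", answer)
    replay = gw.redeem("subscriber-1", answer)
    gw.revoked.add(1001)
    after_revocation = gw.verify("subscriber-1", REQUEST, sig)
    return ok, tampered, first, replay, after_revocation


if __name__ == "__main__":
    print(run_flow())
```

The held challenge is removed on its first redemption attempt, so a second caller repeating an overheard answer on another call is refused.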

Figure 4 describes another embodiment of a user verification procedure. A call is set up (40) from a caller terminal DTE to a service number of a service provider SP via a communication network NET. The service provider SP refers e.g. to any private, commercial or state-owned institution, e.g. to a bank, police, post office, operator, credit card company, insurance company, telephone bank or social insurance institution. It may, however, be any other company or institution that provides services requiring undisputed identification of the caller. In Figure 4, the service provider SP comprises at least a service provider server/exchange SPS, customer database DB and customer servant SERV. The communication network NET is preferably a mobile telephone network. The caller terminal DTE is preferably a mobile phone comprising a subscriber identity module SIM. Instead of a subscriber identity module SIM, a Wireless Identity Module (WIM), an UMTS Subscriber Identity Module (USIM), a security module or any other tamper-proof device can be used. The subscriber identity module SIM or any other tamper-proof device enables encryption and decryption of information and also forming of a digital signature.

The service provider exchange SPS connects (41) the call to a free customer servant SERV. After that the customer servant SERV transmits (42) a caller identification request to the security gateway GW. In Figure 4, the security gateway GW is owned by the operator of the communication network NET and it provides various security-related functions, such as encrypting and decrypting. The request is transmitted to the security gateway GW through a secured connection (e.g. Secured Sockets Layer (SSL)) e.g. in the form of HyperText Transfer Protocol (HTTP), Wireless Markup Language (WML) or Extensible Markup Language (XML).

It is very important to note that the call connection is maintained during the identification phase.

The security gateway GW identifies the service provider SP based on a service provider certificate, decrypts the secured connection and receives the caller identification request in clear text e.g. in the form of XML, WML or short message. The caller identification request is then converted into a form understood by the subscriber identity module SIM of the mobile terminal DTE and encrypted with symmetric encryption method of the Global System for Mobile communications (GSM). The encrypted message is then sent (43) to the mobile phone DTE.

The mobile phone DTE and/or the subscriber identity module SIM decrypt(s) the message and the decrypted message is displayed to the caller on the display of the mobile phone DTE. The subscriber identity module SIM may comprise a browser that converts the message into SIM Toolkit commands prior to displaying the message on the display. The displayed message is then digitally signed with an authentication key of the caller, and the signed message is sent (44) to the security gateway GW. The signed message is preferably converted into the form Public-Key Cryptography Standards #1 (PKCS#1) and encrypted prior to sending. PKCS#1 is further described e.g. in http://www.rsasecurity.com/rsalabs/pkcs/.

The security gateway GW decrypts the message and fetches (45) a certificate related to the subscriber from a certificate directory DIR of a certificate authority CA. The certificate authority CA maintains one or more certificate directories and a certificate revocation list CLR related to revoked or unusable certificates. The certificate authority CA may also comprise information about which users are authorized for one or more services and which are not. The term authorisation itself refers to the process of giving someone permission to do or have something. A certificate comprises identification information of the certificate owner and above all, the public key of the owner. With the public key it is possible to verify a digital signature. Furthermore, the security gateway GW creates a PKCS#7 message and sends (46) the message directly to the customer servant SERV preferably using a secured connection. PKCS#7 is further described e.g. in http://www.rsasecurity.com/rsalabs/pkcs/.

The customer servant SERV verifies (47) the digital signature and checks from the certificate revocation list CLR that the certificate is valid. If the verification procedure was successful, the caller may now be provided with the requested service after fetching (48) the caller-related information from a customer database DB.

As described with Figure 4, the verification procedure and validation of the caller may in another embodiment be in its entirety implemented in the security gateway GW.

Figure 5 describes an embodiment in which the originally established call connection fails and the call connection is re-established.

When the customer servant SERV realizes that the call connection does not exist any more, it creates a challenge. A challenge is any piece of information containing e.g. alphanumeric characters. The challenge is then encrypted using the public key of the caller. The public key is acquired from a previous PKCS#7 message or if such message has not been received from a public certificate directory. After this the encrypted challenge is sent (50) via the security gateway GW to (51) the caller terminal DTE which is preferably a mobile phone.

The example described in Figure 5 assumes that the caller identity was already identified and validated before and that the original call connection failed after that. Therefore, after sending the encrypted challenge to the caller, the customer servant SERV sets the validated identification data into a hold state.

The mobile phone DTE and/or the subscriber identity module SIM or alike incorporated therein decrypts the encrypted challenge and sets (52) up a new call connection directly to the customer servant SERV. If the caller then gives the right challenge to the customer servant, caller-related information is fetched (53) from a database and the caller may be provided with the service in question.

Figure 6 describes an embodiment of a user 
identification procedure. In Figure 6, the security 
gateway GW is property of the service provider SP. 
A call is set up (60) from a caller terminal DTE to a service number of
a service provider SP via a communication network NET. The service
provider SP refers e.g. to a bank, police, post office, operator, credit
card company, insurance company, telephone bank or social insurance
institution. It may, however, be any other company or institution that
provides services requiring undisputed identification of the caller. In
Figure 6, the service provider SP comprises at least a service provider
server/exchange SPS, the security gateway GW, customer database DB and
customer servant SERV. The communication network NET is preferably a
mobile telephone network. The caller terminal DTE is preferably a mobile
phone comprising a subscriber identity module SIM, a Wireless Identity
Module (WIM), an UMTS Subscriber Identity Module (USIM), a security
module or any other tamper-proof device. The subscriber identity module
SIM or any other tamper-proof device enables encryption and decryption
of information and also forming of a digital signature.
The caller must, however, be properly identified before providing any
services to the caller. Therefore, the security gateway GW in connection
with the service provider server SPS sends a caller identification
request to the security gateway GW. The security gateway GW provides
various security-related functions, such as encrypting and decrypting.
The request (61) is transmitted to mobile phone DTE through a secured
connection (e.g. Secured Sockets Layer (SSL)) e.g. in the form of
HyperText Transfer Protocol (HTTP), Wireless Markup Language (WML) or
Extensible Markup Language (XML) or a message of any other form that may
be secured or encrypted. The encryption method used can be symmetric or
asymmetric.

It is very important to note that the call 
connection is maintained during the identification 
phase. 

The mobile phone DTE and/or the subscriber identity module SIM
decrypt(s) the message and the decrypted message is displayed to the
caller on the display of the mobile phone DTE. The subscriber identity
module SIM may comprise a browser that converts the message into SIM
Toolkit commands prior to displaying the message on the display. The
displayed message is then digitally signed with an authentication key of
the caller and the signed message is sent (62) back to the security
gateway GW. The signed message is preferably converted into the form
Public-Key Cryptography Standards #1 (PKCS#1) and encrypted prior to
sending.

In another embodiment of Figure 6, the mobile phone itself creates a
PKCS#7 message and sends (62) it to the security gateway GW. The message
can additionally be encrypted before sending.

The security gateway GW decrypts the message and fetches (63) a
certificate related to the subscriber from a certificate directory DIR
of a certificate authority CA. The certificate authority CA maintains
one or more certificate directories and a certificate revocation list
CLR related to revoked or unusable certificates. The certificate
authority CA may also comprise information about which users are
authorized for one or more services and which are not. The term
authorization itself refers to the process of giving someone permission
to do or have something. A certificate comprises identification
information of the certificate owner and above all, the public key of
the owner. With the public key it is possible to verify a digital
signature.

The security gateway GW verifies the digital signature and checks from
the certificate revocation list CLR that the certificate is valid. If
the verification procedure was successful, the caller may now be
provided the requested service. Furthermore, the service provider server
SPS may create a data record containing the caller information (64) from
a database DB, validation information and a call log information. Call
log information simply indicates the call has been established during
the identification procedure. The customer servant SERV preferably uses
a computer, and therefore, is automatically provided (65) with the
aforementioned data record prior to talking to the caller.

Figure 7 describes an embodiment of a user identification procedure. In
Figure 7, the security gateway GW is property of the service provider
SP. Furthermore, in Figure 7 the caller is identified by a second party.

A call is set up (70) from a caller terminal DTE to a service number of
a service provider via a communication network NET. The service provider
SP refers e.g. to a bank, police, post office, operator, credit card
company, insurance company, telephone bank or social insurance
institution. It may, however, be any other company or institution that
provides services requiring undisputed identification of the caller. In
Figure 7, the service provider SP comprises at least a service provider
server/exchange SPS, the security gateway GW, customer database DB and
customer servant SERV. The communication network NET is preferably a
mobile telephone network. The caller terminal DTE is preferably an
ordinary phone or a mobile phone comprising a subscriber identity
module, a wireless identity module, an UMTS subscriber identity module,
a security module or any other tamper-proof device.

The caller must, however, be properly identified before providing any
services to the caller. Therefore, the security gateway GW in connection
with the service provider server SPS sends a caller identification
request to a security gateway GW. The security gateway GW provides
various security-related functions, such as encrypting and decrypting.
The request (71) is then transmitted to a second terminal DTE2 through a
secured connection (e.g. Secured Sockets Layer (SSL)) e.g. in the form
of HyperText Transfer Protocol (HTTP), Wireless Markup Language (WML) or
Extensible Markup Language (XML) or a message of any other form that may
be secured or encrypted. The encryption method used can be symmetric or
asymmetric. The second terminal DTE2 is preferably a mobile phone
comprising a subscriber identity module, a wireless identity module, an
UMTS subscriber identity module, a security module or any other
tamper-proof device. However, the second terminal DTE2 may refer to any
other terminal, e.g. a computer or Personal Data Assistant (PDA), that
can be used in identifying the identity of the caller. The second
terminal must therefore comprise means for encrypting and/or signing
messages.

The second mobile phone DTE2 and/or the subscriber identity module SIM
decrypt(s) the message, and the decrypted message is displayed to the
user on the display of the second mobile phone DTE2. The subscriber
identity module SIM may comprise a browser that converts the message
into SIM Toolkit commands prior to displaying the message on the
display. The displayed message is then digitally signed with an
authentication key of the user and the signed message is sent (72) back
to the security gateway GW. The signed message is preferably converted
into the form Public-Key Cryptography Standards #1 (PKCS#1) and
encrypted prior to sending.

In another embodiment of Figure 7, the mobile phone itself creates a
PKCS#7 message and sends (72) it to the security gateway GW. The message
can additionally be encrypted before sending.

The security gateway GW decrypts the message and fetches (73) a
certificate related to the user of the second mobile phone DTE2 from a
certificate directory DIR of a certificate authority CA. The certificate
authority CA maintains one or more certificate directories and a
certificate revocation list CLR related to revoked or unusable
certificates. The certificate authority CA may also comprise information
about which users are authorized for one or more services and which are
not. The term authorization itself refers to the process of giving
someone permission to do or have something. A certificate comprises
identification information of the certificate owner and above all, the
public key of the owner. With the public key it is possible to verify a
digital signature.

The security gateway GW verifies the digital signature and checks from
the certificate revocation list CLR that the certificate is valid. If
the verification procedure was successful, the caller may now be
provided the requested service. Furthermore, the service provider server
SPS may create a data record containing the caller information (74) from
a database DB, validation information and a call log information. Call
log information simply indicates the call has been established during
the identification procedure. The customer servant SERV preferably uses
a computer, and therefore, is automatically provided (75) with the
aforementioned data record prior to talking to the caller.

As described in Figure 7, the caller is verified by another person via
the logical channel. In a preferred embodiment, the first logical
channel exists while identifying the identity of the user of the first
terminal via the second logical channel. Therefore it is possible that
the actual caller can be practically anybody but the identification must
be acquired from a predetermined party.

In another embodiment of Figure 7, the first logical channel between the
first terminal and the service provider does not exist while identifying
procedure of the identity of the user of the first terminal DTE is made
via the second logical channel. In one embodiment, the user of the first
terminal DTE sends a service request (70) to the service provider SP.
The service request is e.g. a bank transaction request. The request will
not be accepted until an authorization is received from a second
terminal DTE2. For acquiring the authorization, the service provider SP
sends a user identification request of the user of the first terminal
DTE to the second terminal DTE2 (71). The user identification is then
digitally signed by the second terminal DTE and/or the subscriber
identity module and the signed message is sent back to the service
provider (72). If the verification process (73, 74) of the digital
signature is positive, the service request placed by the user of the
first terminal DTE can be accepted (75).

In this embodiment, the first terminal DTE refers e.g. to an ordinary
telephone, a mobile phone, a computer or a Personal Data Assistant
(PDA). Therefore, the aforementioned service request may be made via a
phone call, email, short message service or any other messaging system.
The second terminal DTE2 is preferably a mobile phone comprising a
subscriber identity module, a wireless identity module, an UMTS
subscriber identity module, a security module or any other tamper-proof
device. However, the second terminal DTE2 may refer to any other
terminal, e.g. a computer or Personal Data Assistant (PDA), that can be
used in identifying the identity of the caller. The second terminal must
therefore comprise means for encrypting and/or signing messages.

Figure 8 describes an embodiment of a user identification procedure. In
Figure 8, the security gateway GW is property of the service provider
SP. Furthermore, in Figure 8 the caller is identified by a second party.

A call is set up (80) or a message is sent from a user terminal DTE to a
service provider SP via a communication network NET. A service request
is made via the call or message. In this embodiment, the first logical
channel between the user terminal DTE and the service provider SP may
not exist while identifying procedure of the identity of the user of the
first terminal DTE is made via the second logical channel. The service
provider SP refers e.g. to a bank, police, post office, operator, credit
card company, insurance company, telephone bank or social insurance
institution. It may, however, be any other company or institution that
provides services requiring undisputed identification of the caller. In
Figure 8, the service provider SP comprises at least a service provider
server/exchange SPS, the security gateway GW, customer database DB and
customer servant SERV. The communication network NET is preferably a
mobile telephone network. The user terminal DTE is e.g. an ordinary
telephone, or more preferably a mobile phone comprising a subscriber
identity module, a wireless identity module, an UMTS subscriber identity
module, a security module or any other tamper-proof device.

The user must, however, be properly identified before providing any
services to the user. Therefore, the security gateway GW in connection
with the service provider server SPS sends a user identification request
to a security gateway GW. The request comprises also a challenge. A
challenge is any piece of information containing e.g. alphanumeric
characters. The security gateway GW provides various security-related
functions, such as encrypting and decrypting. The request (81) is then
transmitted to a second terminal DTE2 through a secured connection (e.g.
Secured Sockets Layer (SSL)) e.g. in the form of HyperText Transfer
Protocol (HTTP), Wireless Markup Language (WML) or Extensible Markup
Language (XML) or a message of any other form that may be secured or
encrypted. The second terminal DTE2 is preferably a mobile phone
comprising a subscriber identity module, a wireless identity module, an
UMTS subscriber identity module, a security module or any other
tamper-proof device. The encryption method used can be symmetric or
asymmetric.

The second mobile phone DTE2 and/or the subscriber identity module SIM
decrypt(s) the message comprising also the challenge, and the decrypted
message is displayed to the user on the display of the second mobile
phone DTE2. The subscriber identity module SIM may comprise a browser
that converts the message into SIM Toolkit commands prior to displaying
the message on the display. The displayed message comprising the
challenge is then digitally signed with an authentication key of the
user and the signed message is sent (82) back to the security gateway
GW. The signed message is preferably converted into the form Public-Key
Cryptography Standards #1 (PKCS#1) and encrypted prior to sending.

In another embodiment of Figure 8, the second mobile phone itself DTE2
creates a PKCS#7 message and sends (82) it to the security gateway GW.
The message can additionally be encrypted before sending.

After signing and sending the signed message to the service provider SP,
the user of the second mobile phone DTE2 provides the challenge to the
user of the first terminal DTE (83). The user of the first terminal DTE
is provided with the challenge e.g. via a phone call, short message
service, email etc. If the original connection (80) does not exist any
more, the user of the first terminal DTE sets up another call (84) or
sends another message to the service provider SP via the communication
network NET. The user must provide the service provider with the
challenge acquired from the user of the second mobile phone DTE2.

The security gateway GW decrypts the message and fetches (85) a
certificate related to the user of the second mobile phone DTE2 from a
certificate directory DIR of a certificate authority CA. The certificate
authority CA maintains one or more certificate directories and a
certificate revocation list CLR related to revoked or unusable
certificates. The certificate authority CA may also comprise information
about which users are authorized for one or more services and which are
not. The term authorization itself refers to the process of giving
someone permission to do or have something. A certificate comprises
identification information of the certificate owner and above all, the
public key of the owner. With the public key it is possible to verify a
digital signature.

The security gateway GW verifies the digital signature and checks from
the certificate revocation list CLR that the certificate is valid. If
the verification procedure was successful, the caller may now be
provided the requested service. Furthermore, the service provider server
SPS may create a data record containing the user information (86) from a
database DB and validation information. The customer servant SERV
preferably uses a computer, and therefore, is automatically provided
(87) with the aforementioned data record prior to talking to the caller.

In this embodiment, the first terminal refers e.g. to an ordinary
telephone, a mobile phone, a computer or a Personal Data Assistant
(PDA). Therefore, the aforementioned service request may be made via a
phone call, email, short message service or any other messaging system.
The second terminal DTE2 is preferably a mobile phone comprising a
subscriber identity module, a wireless identity module, an UMTS
subscriber identity module, a security module or any other tamper-proof
device. However, the second terminal DTE2 may refer to any other
terminal, e.g. a computer or Personal Data Assistant (PDA), that can be
used in identifying the identity of the user of the first terminal DTE.
The second terminal DTE2 must therefore comprise means for encrypting
and/or signing messages.
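
The Figure 8 procedure seen from the gateway's side, as an added Go example that is not part of the original text: the request carries a random challenge, the second terminal signs it, and the service request is accepted only if the signer is the predetermined party, the certificate is not on the revocation list, the signature verifies and the first user relays the same challenge. The type and function names, the request string format and the sample identities are assumptions; RSA PKCS#1 v1.5 over SHA-256 from the Go standard library stands in for the signing done on the SIM.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Certificate is a simplified stand-in for an X.509 certificate.
type Certificate struct {
	Serial string
	Key    *rsa.PublicKey
}

// Authority models the CA: certificate directory DIR and revocation list CLR.
type Authority struct {
	Directory map[string]Certificate // owner -> certificate
	Revoked   map[string]bool        // serial -> revoked
}

var (
	ErrSigner    = errors.New("signer is not the predetermined party or has no certificate")
	ErrRevoked   = errors.New("certificate is on the revocation list")
	ErrSignature = errors.New("no valid signature over the outstanding request")
	ErrChallenge = errors.New("relayed challenge does not match")
)

// Gateway (hypothetical type) keeps the one outstanding identification request.
type Gateway struct {
	CA        *Authority
	Approver  string // predetermined second party
	challenge string
	request   []byte
}

// Enroll publishes a certificate for a fresh key pair (constructed sample data).
func (a *Authority) Enroll(owner, serial string) *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // sample setup only
	}
	a.Directory[owner] = Certificate{Serial: serial, Key: &key.PublicKey}
	return key
}

// Issue builds the request with a fresh random challenge, step (81).
func (g *Gateway) Issue(subject string) []byte {
	buf := make([]byte, 8)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // without entropy the challenge would be guessable
	}
	g.challenge = fmt.Sprintf("%x", buf)
	g.request = []byte("identify=" + subject + ";challenge=" + g.challenge)
	return g.request
}

// ChallengeOf is what DTE2 displays so that its user can pass it on, step (83).
func ChallengeOf(request []byte) string {
	return string(request[bytes.LastIndexByte(request, '=')+1:])
}

// Sign is done by DTE2 or its SIM over the displayed request, step (82).
func Sign(key *rsa.PrivateKey, request []byte) ([]byte, error) {
	digest := sha256.Sum256(request)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// Authorize covers steps (84)-(86): certificate lookup, CLR check, signature
// verification, then comparison with the challenge relayed by the first user.
func (g *Gateway) Authorize(signer string, sig []byte, relayed string) error {
	cert, ok := g.CA.Directory[signer]
	if !ok || signer != g.Approver {
		return ErrSigner
	}
	if g.CA.Revoked[cert.Serial] {
		return ErrRevoked
	}
	digest := sha256.Sum256(g.request)
	if g.request == nil || rsa.VerifyPKCS1v15(cert.Key, crypto.SHA256, digest[:], sig) != nil {
		return ErrSignature
	}
	if subtle.ConstantTimeCompare([]byte(relayed), []byte(g.challenge)) != 1 {
		return ErrChallenge
	}
	g.request, g.challenge = nil, "" // single use: a replayed reply fails
	return nil
}

func main() {
	ca := &Authority{Directory: map[string]Certificate{}, Revoked: map[string]bool{}}
	key := ca.Enroll("approver", "serial-0001")
	gw := &Gateway{CA: ca, Approver: "approver"}
	req := gw.Issue("caller")
	sig, _ := Sign(key, req)
	fmt.Println("accepted:", gw.Authorize("approver", sig, ChallengeOf(req)) == nil)
	fmt.Println("replay rejected:", gw.Authorize("approver", sig, ChallengeOf(req)) != nil)
}
```

Because the signature is checked against the request the gateway itself issued, a signature over any other text, or over an earlier request, is rejected before the relayed challenge is even compared.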

Figure 3 describes an example of a preferred system in accordance with
the present invention. The system comprises a communication network NET,
a caller terminal DTE associated with the communication network NET and
a service provider SP associated with the communication network NET. The
caller terminal DTE is preferably a mobile phone and the communication
network NET a GSM network, a GSM network with a GPRS feature or an UMTS
network.

The system further comprises a service provider server/exchange SPS and
a customer servant SERV. The customer servant SERV provides a caller
with a service. Furthermore, the system comprises a security gateway GW
that is used to provide various security functions in the system, e.g.
encrypting and decrypting. The system comprises also a certificate
authority CA that has access both to a certificate directory and
certificate revocation list CLR.

Sending means SM for sending a caller identification request are
arranged in the service provider server/exchange SPS. The service
provider server/exchange SPS furthermore comprises first encrypting
means EN1 for encrypting information, first decrypting means DE1 for
decrypting information and identifying means ID for identifying the
caller after a call has been set up prior to providing any services to
the caller based on the information provided by the certificate
authority CA. The aforementioned sending means SM are arranged also to
send a challenge to the caller terminal DTE in the event that the
telephone connection set up between the caller terminal DTE and service
provider SP fails. In one embodiment, the aforementioned sending means
SM are arranged also to send a challenge to the second terminal DTE2.

The security gateway GW comprises sending means SM for sending a caller
identification request, identifying means ID for identifying the caller
after a call has been set up prior to providing any services to the
caller based on the information provided by the certificate authority
CA, second encrypting means EN2 for encrypting information and second
decrypting means DE2 for decrypting information.

The caller terminal DTE comprises a subscriber identity module SIM,
third encrypting means EN3 for encrypting information and third
decrypting means DE3 for decrypting information. Instead of a subscriber
identity module SIM, a Wireless Identity Module (WIM), an UMTS
Subscriber Identity Module (USIM), a security module or any other
tamper-proof device can be used. The subscriber identity module SIM or
any other tamper-proof device enables encryption and decryption of
information and also forming of a digital signature.

The aforementioned means are implemented e.g. by software and/or
hardware in a way known to those skilled in the art and therefore they
are not described in more detail.

Figures 1 - 9 disclose different configurations of the system in
accordance with the present invention. In Figures 1 - 9, the certificate
authority acts as a certificate service provider. It must be noted that
any other appropriate party can as well act as a certificate service
provider. It is also possible, however not depicted in the figures, that
the security gateway is managed by the service provider and that the
certificate service provider functions are provided by the service
provider itself. Furthermore, it is possible that the service provider
acts also as a certificate service provider, and therefore, a distinct
trusted third party is not needed. Although it is described in Figures
1 - 9 that the terminal devices DTE, DTE2 are mobile phones, they can be
any other appropriate terminal devices. Moreover, although it has been
described that the mobile phone and/or security gateway use(s) PKCS#1 or
PKCS#7 messages in validation messaging, PKCS#1 and PKCS#7 messages are
used only as examples and any other appropriate messages can be used.

The present invention describes a solution wherein a logical channel
(e.g. a call connection) is set up between a caller terminal and a
service provider. The problem is how to reliably verify the identity of
the caller. Therefore, in accordance with the present invention the
caller is authenticated via another preferably secured logical channel
between the service provider and the caller terminal prior to providing
any services to the caller via the established call connection. The
transmission channel itself is known to a man skilled in the art and
refers e.g. to a connectionless packet data connection via a mobile
communication network or a packet connection using the fwmirp and
standardized GSM feature described e.g. in the ETSI TS 101 181 V8.8.0
(2001-12) publication. However, the transmission channel may also refer
to a circuit switched connection.

Furthermore, the present invention provides a secure solution for
identification, authentication, validation and authorization of a user
via two logical channels.

It is obvious to a person skilled in the art that with the advancement
of technology, the basic idea of the invention may be implemented in
various ways. The invention and its embodiments are thus not limited to
the examples described above, instead they may vary within the scope of
the claims.

1. A method for authenticating a user of a first terminal in a
communication system, characterized in that the method comprises the
steps of:

setting up a first logical channel via a communication network between a
first terminal and a service provider; and

identifying the identity of the user of the first terminal after the
first logical channel set up via a second logical channel other than the
established first logical channel between the service provider and the
first terminal prior to providing any services to the user of the first
terminal.

2. The method according to claim 1, characterized in that the method
further comprises the steps of:

sending a user identification request from the service provider to the
first terminal via the second logical channel while the first logical
channel exists between the first terminal and the service provider;

receiving the user identification request with the first terminal while
the first logical channel exists;

digitally signing the request;

sending the signed request with the first terminal via the second
logical channel;

authenticating the user of the first terminal and verifying the digital
signature; and

providing the user with services provided by the service provider via
the first logical channel.

3. The method according to claim 1, characterized in that the method
further comprises the steps of:

sending a user identification request for the user of the first terminal
from the service provider to a second terminal via the second logical
channel while the first logical channel exists between the first
terminal and the service provider;

receiving the user identification request with the second terminal while
the first logical channel exists;

digitally signing the request;

sending the signed request with the second terminal via the second
logical channel;

authenticating the user of the second terminal and verifying the digital
signature; and

providing the user of the first terminal with services provided by the
service provider via the first logical channel.

4. The method according to claim 1, characterized in that the method
further comprises the steps of:

sending a user identification request for the user of the first terminal
from the service provider to a second terminal via the second logical
channel, the user identification request comprising also a challenge;

receiving the user identification request comprising the challenge with
the second terminal;

digitally signing the request comprising the challenge;

sending the signed request with the second terminal via the second
logical channel;

providing the user of the first terminal with the challenge with the
second terminal;

providing the service provider with the challenge acquired from the user
of the second terminal;

comparing the challenge in the signed message from the second terminal
and the challenge provided by the user of the first terminal; and if the
challenges are equal,

authenticating the user of the second terminal and verifying the digital
signature; and

providing the user of the first terminal with services provided by the
service provider via the first logical channel.

5. The method according to claim 1, 2, 3 or 4, characterized in that the
first and/or second logical channel refers to a packet switched
connection.

6. The method according to claim 1, 2, 3 or 4, characterized in that the
first and/or second logical channel refers to a circuit switched
connection.

7. The method according to claim 1, 2, 3 or 4, characterized in that the
method further comprises the step of:

arranging a security gateway forming an interface towards the first
and/or second terminal.

8. The method according to claim 7, characterized in that the method
further comprises the steps of:

identifying the service provider with the security gateway;

sending a user identification request from the service provider to the
security gateway;

sending the user identification request from the security gateway to the
first terminal via the second logical channel;

receiving the identification request with the first terminal;

digitally signing the request;

sending the signed request to the security gateway via the second
logical channel;

retrieving a certificate related to the user of the first terminal;

authenticating the identity of the user of the first terminal and
verifying the digital signature; and

providing the user of the first terminal a service provided by the
service provider via the existing first logical channel.

9. The method according to claim 1, characterized in that the method
further comprises the steps of:

identifying the service provider with the security gateway;

sending a user identification request of the user of the first terminal
from the service provider to the security gateway;

sending the user identification request from the security gateway to a
second terminal via the second logical channel;

receiving the user identification request with the second terminal;

digitally signing the request;

sending the signed request to the security gateway via the second
logical channel;

retrieving a certificate related to the user of the second terminal;

authenticating the identity of the user of the second terminal and
verifying the digital signature; and

providing the user of the first terminal a service provided by the
service provider via the existing first logical channel.

10. The method according to claim 2, 3, 4, 8 or 9, characterized in that
the method further comprises the step of:

encrypting the user identification request sent to the first and/or
second terminal using symmetric or asymmetric encryption; and

encrypting the signed request sent from the first and/or second terminal
using symmetric or asymmetric encryption.

11. The method according to claim 8 or 3, characterized in that the
method further comprises the step of:

encrypting the signed user identification request sent to the security
gateway using symmetric or asymmetric encryption.

12. The method according to claim 8 or 9, characterized in that the
method further comprises the steps of:

retrieving with the security gateway a certificate related to the user
of the first and/or second terminal;

creating and sending a validating message to the service provider; and

validating the user of the first and/or second terminal with the service
provider based on the validating message and validating information.

13. The method according to claim 8 or 9, characterized in that the
method further comprises the steps of:

retrieving with the security gateway validation information comprising
at least a certificate related to the user of the first and/or second
terminal;

authenticating the identity of the user of the first and/or second
terminal with the security gateway based on the validation information;
and

sending a positive validation message to the service provider if the
result of the validation was positive.

14. The method according to claim 1, characterized in that if the first
logical channel fails during the validation procedure, the method
further comprises the steps of:

creating a challenge;

encrypting the challenge with the public encryption key of the user of
the first terminal;

sending the encrypted challenge to the first terminal;

decrypting the encrypted challenge in the first terminal;

setting up a new logical channel to the service provider;

providing the service provider with the decrypted challenge; and if the
challenge is acceptable,

providing the user of the first terminal via the logical channel with a
service provided by the service provider.

15. The method according to claim 14, characterized in that the method
further comprises the step of:

sending the encrypted challenge to the first terminal via a security
gateway.

16. A system for authenticating a user of a first terminal in a
communication system, the system comprising:

a communication network (NET),

a first terminal (DTE) associated with the communication network (NET),

a service provider (SP) associated with the communication network (NET),

a certificate service provider (CA),

characterized in that the system further comprises:

sending means (SM) for sending a user identification request to the
first terminal (DTE) or a second terminal (DTE2); and

identifying means (ID) for identifying the identity of the user of the
first terminal (DTE) after a first logical channel has been set up via a
second logical channel other than the established first logical channel
between the service provider and the first terminal (DTE) prior to
providing any services to the user of the first terminal (DTE) based on
the information provided by the certificate service provider (CA).

17. The system according to claim 16,
characterized in that the system further
comprises:

a security gateway (GW) in connection with the
service provider (SP) and certificate service provider
(CA).

18. The system according to claim 17,
characterized in that the security gateway
(GW) is managed by the service provider (SP).

19. The system according to claim 17,
characterised in that the security gateway
(GW) is managed by a third party.

20. The system according to claim 15,
characterized in that said sending means
(SM) are arranged in the service provider (SP).

21. The system according to claim 16 or 17,
characterized in that said sending means
(SM) are arranged in the service provider (SP) and
security gateway (GW).

22. The system according to claim 16 or 17,
characterized in that said identifying means
(ID) are arranged in the service provider (SP) and/or
security gateway (GW).

23. The system according to claim 16,
characterized in that the service provider
(SP) comprises:

first encrypting means (EN1) for encrypting
information; and

first decrypting means (DE1) for decrypting
information.

24. The system according to claim 17,
characterized in that the security gateway
(GW) comprises:

second encrypting means (EN2) for encrypting
information; and

second decrypting means (DE2) for decrypting
information.

25. The system according to claim 16,
characterized in that the first terminal
(DTE) and/or second terminal (DTE2) comprises:

third encrypting means (EN3) for encrypting
information; and

third decrypting means (DE3) for decrypting
information.

26. The system according to claim 20 or 21,
characterized in that said sending means
(SM) are arranged to send a challenge to the first
terminal (DTE) in the event that the logical channel
set up between the first terminal (DTE) and service
provider (SP) fails.

27. The system according to claim 20 or 21,
characterised in that said sending means
(SM) are arranged to send a challenge to the second
terminal (DTE2).

28. The system according to any of the claims
16 - 27, characterized in that the communication
network is a GSM network.

29. The system according to any of the claims
16 - 27, characterized in that the communication
network is a GSM network with the GPRS feature.

30. The system according to any of the claims
16 - 27, characterized in that the communication
network is an UMTS, a CDMA, a WCDMA, an EDGE, a
Bluetooth, or a WLAN network.
(57) ABSTRACT

The present invention describes
a method and system for verifying the
identity of a user of a first terminal
in a communication system comprising at
least a communication network (NET), a
first terminal (DTE) associated with the
communication network (NET) and a service
provider (SP) associated with the
communication network (NET). In the
method, a first logical channel is set
up via the communication network between
the first terminal (DTE) and the service
provider (SP). The user of the first
terminal is identified after the first
logical channel set up via a second
logical channel other than the established
first logical channel between the
service provider and the first terminal
prior to providing any services to the
user.

(FIG. 1)